System and Method for Securing On-Line Documents Using Authentication Codes

1. A method for vending printed on-line lottery tickets from a plurality of terminals connected to a central server over a network, and for subsequent authentication of the lottery tickets presented for redemption, said method comprising: for each of the terminals that prints a lottery ticket with a player's entry in a lottery game, generating an asymmetric key pair at the terminal that is unique to the respective terminal, the asymmetric key pair comprising a first private key that is stored at the respective terminal and a corresponding second public key; encrypting the second public key using a permanent terminal private key to create a certificate, wherein the first private key is different from the permanent private key of the terminal; communicating the certificate to and storing the certificate in the central server, the central server storing respective certificates for the plurality of terminals; at a vending time of a lottery ticket at a terminal, communicating a request by the terminal to the central server for a unique serial number and other data piece to be printed in plain text on the lottery ticket by the terminal; upon receiving the request for the unique serial number and other data piece, the central server verifying that a certificate has been generated and stored for the respective requesting terminal, and upon satisfying the verification, the central server assigning a plain text data piece and unique serial number to the lottery ticket to be printed at the requesting terminal; upon receipt of the plain text data piece and unique serial number, the requesting terminal generating an authentication code by encrypting the unique serial number and plain text data piece using the first private key, and printing the authentication code, plain text unique serial number, and plain text data piece on the lottery ticket along with the player's entry in the lottery game without transmitting the authentication code back to the central server at the time of purchase and printing of the lottery ticket, and wherein the plain text data piece comprises a multi-digit date corresponding to the date of purchase of the lottery ticket; upon subsequent verification of a lottery ticket presented for redemption, transmitting the authentication code and plain text unique serial number and data piece printed on the presented lottery ticket to the central server, the central server then retrieving the certificate corresponding to the unique first private key used to create the authentication code on the lottery ticket at time of printing the lottery ticket, deciphering the second public key from the certificate using a permanent terminal public key, and deciphering the authentication code using the second public key; and the central server verifying the lottery ticket as authentic if the authentication code is validly deciphered using the second public key such that the deciphered authentication code matches the plain text serial number and data piece printed on the lottery ticket.

2. The method as in claim 1 , wherein the certificate is communicated to the central server with the request for the unique serial number and other data piece.

3. The method as in claim 1 , further comprising randomly changing the asymmetric key pairs generated by the terminals, the central server maintaining a library of second public keys for each respective terminal so that the correct second public key is available for deciphering the authentication code even after the asymmetric key pairs have been changed at the terminal.

4. A system configured for vending on-line printed lottery tickets that include a player's entry in a lottery game, and for authentication of lottery tickets subsequently presented for redemption, said system comprising: a plurality of remote lottery terminals in communication with a central server over a network, the lottery terminals including printing devices for printing the lottery tickets; each of the terminals configured to generate an asymmetric key pair that is unique to the respective terminal, the asymmetric key pair comprising a first private key that is stored at the respective terminal and a corresponding second public key that is communicated by the terminal to the central server; each of the terminals further configured to generate a permanent terminal private key and a permanent terminal public key and to encrypt the second public key using the permanent terminal private key to create a certificate that is communicated by the terminal to the central server, wherein the permanent terminal private key and the permanent terminal public key are different from the first private key and the second private key; the central server including a memory in which the respective certificates for the plurality of terminals are stored; the central server configured to generate a unique plain text serial number and date to each lottery ticket printed at one of the terminals upon request of the terminals and verification that a certificate is stored at the central server for the lottery terminal making the request; each of the terminals further configured to generate an authentication code for each lottery ticket printed at the terminal by using the first private key to encrypt the unique plain text serial number and date received from the central server, and to print the authentication code and plain text serial number and date on the lottery ticket along with the player's entry in the lottery game, wherein the authentication code is not transmitted to the central server and is contained only on the printed lottery ticket, at the time of purchase; for subsequent authentication of a lottery ticket presented for redemption, the central server configured to retrieve the certificate from memory corresponding to the unique first private key used to create the authentication code on the lottery ticket, decipher the second public key from the certificate using the permanent terminal public key, and decipher the authentication code using the second public key; and the central server configured to indicate that the lottery ticket presented for redemption is authentic if the authentication code is validly deciphered using the second public key such that the deciphered authentication code matches the unique plain text serial number and date printed on the lottery ticket.

5. The system as in claim 4 , wherein the terminals transmit the certificate to the central server with the request for the serial number and date at the time of vending of a lottery ticket.

6. The system as in claim 4 , wherein the terminals are configured to randomly change the asymmetric key pair, the central server including a library of second public keys for each respective terminal so that the correct second public key is available for deciphering the authentication code even after the asymmetric key pair has been changed at the terminal.